Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Meraki MX250s Warm Spare with Ubiquiti Aggregation Switch Dual WAN

Solved
TechDude
Conversationalist
‎Sep 13 2021 11:00 AM
‎Sep 13 2021 11:00 AM

Meraki MX250s Warm Spare with Ubiquiti Aggregation Switch Dual WAN

Hi all,

I'm needing to set up a warm spare configuration with 2x Meraki MX250 devices. I have 2 ISP connections that I'd like to come into a Ubiquiti Layer 2 switch (USW-Aggregation) with 8 ports. I have only 1 of these switches, and really would like to get everything working with just this hardware. I'd like to have both WANs coming into the switch, and 4 outgoing connections, 1 of each WAN connection going to each MX250. What's the best way to do this?

 

Do I need the ISP to have their routers establish a VLAN for each WAN subnet, then tag each port on the Ubiquiti switch (incoming or outgoing) with the appropriate VLAN, then statically assign the physical ports on the MX250s with the correct IP address? I'm also planning on using a virtual IP for all actual WAN connections on the MX250s for a more seamless failover. Am I on the right track? I have limited network engineering experience and haven't ever dealt with the CE/PE relationship on the edge of a network.

 

Any help is greatly appreciated!

 

 

Labels:
0 Kudos
Subscribe
1 Accepted Solution
Bruce
Kind of a big deal
‎Sep 13 2021 2:00 PM
‎Sep 13 2021 2:00 PM

As has been said, use access ports, 3 in one VLAN, three in another VLAN on the switch. Keep in mind you will also need the ISP to provide you a /29 subnet (6 IP addresses) on the links to make the HA work - one is the ISP gateway, one for each MX and the virtual IP. The other two IP addresses can be used for anything (e.g. NATs on the MX).

View solution in original post

Subscribe
7 Replies 7
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 13 2021 1:11 PM
‎Sep 13 2021 1:11 PM

The ISPs won't need to do anything.

 

As you say, just make all the ports in the Ubiquity switch access ports.

Subscribe
In response to PhilipDAth
TechDude
Conversationalist
‎Sep 13 2021 1:22 PM
‎Sep 13 2021 1:22 PM

So having 2 WANs coming into that switch will route fine from the MX250s through the switch and out to the internet through all 4 ports between the switch and the 2 MX devices, right? As long as the switch is just acting as a dumb switch with access ports.

0 Kudos
Subscribe
KarstenI
Kind of a big deal
Kind of a big deal
‎Sep 13 2021 1:25 PM
‎Sep 13 2021 1:25 PM

You payed a five figure for your redundant firewalls, pay for redundant links but don’t want to spent 1k fo a second switch for full redundancy? Why???

Subscribe
In response to KarstenI
TechDude
Conversationalist
‎Sep 13 2021 10:09 PM
‎Sep 13 2021 10:09 PM

Great question. This client purchased these devices as an NFR. They have a Cisco partnership as a reseller for other products. They didn’t want to buy another switch if they don’t have to. 

Subscribe
Bruce
Kind of a big deal
‎Sep 13 2021 2:00 PM
‎Sep 13 2021 2:00 PM

As has been said, use access ports, 3 in one VLAN, three in another VLAN on the switch. Keep in mind you will also need the ISP to provide you a /29 subnet (6 IP addresses) on the links to make the HA work - one is the ISP gateway, one for each MX and the virtual IP. The other two IP addresses can be used for anything (e.g. NATs on the MX).

Subscribe
In response to Bruce
cmr
Kind of a big deal
Kind of a big deal
‎Sep 13 2021 2:17 PM
‎Sep 13 2021 2:17 PM

@KarstenI I'm guessing that @TechDude is doing some testing and this isn't production, as a $50 Cisco small business switch is fine for the WAN split.

Subscribe
In response to Bruce
TechDude
Conversationalist
‎Sep 13 2021 10:11 PM
‎Sep 13 2021 10:11 PM

This is great. Thank you. 

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.